An embodiment of the invention provides a mechanism for measuring the performance characteristics of data sent across any communication path configured to carry data between two or more computational devices (e.g., local area networks, wide area network, virtual private networks, wireless networks, or any other type of interconnect mechanism). In a test environment, processing speed is a critical part of producing test equipment that can process network protocol data in real-time. Embodiments of the invention provide network test equipment with a methodology for performing enough lookup processing operations to keep up with the real time frame rates of a gigabit Ethernet network. This is accomplished in accordance with one embodiment of the invention by improving the performance of the connection lookup processor in test devices.
|
11. A method for measuring the performance of protocol data in a data communication network comprising:
testing the performance of protocol data, said testing comprising: obtaining protocol data comprising connection data from a data communication network; performing a polynomial hashing operation on said connection data to produce a hash vector; searching a hash vector table to determine a location to store said hash vector; obtaining a stored key from a free list and linking said hash vector into said stored key when said hash vector table is zero; and searching for said hash vector when said hash vector table is not zero. 35. A method for testing the performance of tcp data in a tcp/IP network comprising:
obtaining tcp data having connection data comprising source data and destination data; providing said connection data as a hash key to a polynomial hashing operation; executing said polynomial hashing operation to generate a hash vector; searching a hash vector table to determine a location to store said hash vector, wherein said searching comprises: determining if a location associated with said hash vector in said hash vector table is empty; and obtaining a stored key from a free list and associating said stored key with said location in said hash vector table when said location is empty. 21. A computer program product comprising:
a computer usable medium having computer readable program code for measuring the performance of protocol data in a data communication network comprising embodied therein said computer readable program code configured to: obtain protocol data comprising connection data from a data communication network; execute a polynomial hashing operation on said connection data to produce a hash vector; search a hash vector table to determine a location to store said hash vector; obtain a stored key from a free list and link said hash vector into said stored key when said hash vector table is zero; and search for said hash vector when said hash vector table is not zero. 31. A system for testing the performance of tcp data in a data communication network comprising:
a data communication network configured to transport tcp data having source data and destination data; a testing device comprising a lookup processor, said lookup processor configured to obtain said tcp data from said data communication network and execute a polynomial hashing operation using said source data and said destination data as a hash key to produce a hash vector; said lookup processor initiating a search of a hash vector table to determine a location to store said hash vector; said lookup processor determining if a location associated with said hash vector in said hash vector table is empty; and said lookup processor obtaining a stored key from a free list and associating said stored key with said location in said hash vector table when said location is empty.
1. A testing apparatus for measuring the performance of protocol data in a data communication network comprising:
a testing device comprising a lookup processor; said lookup processor configured to obtain protocol data from a data communication network; said protocol data comprising connection data; said lookup processor performing a polynomial hashing operation using said connection data as a hash key to produce a hash vector; said lookup processor initiating a search of hash vector values in a hash vector table to determine a location to store said hash key; wherein said lookup processor is configured to obtain a stored key from a free list and link said hash vector into said stored key when value of said hash vector table is zero; and wherein said lookup processor is configured to search for said hash vector when said value of said hash vector table is not zero.
2. The testing apparatus of
3. The testing apparatus of
4. The testing apparatus of
5. The testing apparatus of
6. The testing apparatus of
7. The testing apparatus of
10. The testing apparatus of
12. The method of
13. The method of
16. The method of
17. The method of
20. The method of
22. The computer program product of
23. The computer program product of
24. The computer program product of
25. The computer program product of
26. The computer program product of
27. The computer program product of
28. The computer program product of
30. The computer program product of
33. The system of
said lookup processor searching said hash vector table for said hash vector.
34. The system of
36. The method of
searching said hash vector table for said hash vector.
37. The method of
|
This invention relates to the field of computer technology. More specifically, the invention relates to a method and apparatus for measuring protocol performance in a data communication network.
Portions of the disclosure of this patent document contain material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office file or records, but otherwise reserves all copyrights whatsoever.
In order to transmit data from one computer to another the data may be sent across computer networks. So that each computer connected to the network can send and receive data from other computers on the network, each of the interconnected computers is typically configured to understand one or more common protocols. Each protocol defines a format for encapsulating data and transmitting that data across the network. Protocols designed to send data across packet switched networks (e.g., the Internet) typically divide the data that is to be transmitted into sets of packets. Each packet is then sent through the network to the indicated destination. The path that each packet takes may vary, but in every instance the packet data will be sent through network equipment such as a router, switch, hub, and/or any other type of network node.
The performance of the network is dependent upon how quickly the packet data is transmitted through such network equipment. Modern network equipment is designed to move packet data through the network at rates that exceed the connection speed. If, for example, a router is connected to a Gigabit Ethernet network, that router must be capable of moving data at speeds that do not lead to bottlenecking. If a certain device is not able to operate on the packet data at such rates, the network becomes bottlenecked and the overall data transfer rate associated with the entire network can decrease. Therefore, a constant concern network engineers have is whether, or not, the equipment being connected to the network can adequately handle the data speeds of the network. When the routing hardware is efficient, the network itself is efficient.
To address this concern, network engineers and others responsible for ensuring the network remains efficient use devices that can test the speed of the routers and other such pieces of hardware utilized to control packet flow. Such test devices are generally referred to as network test devices. A problem encountered by such test devices is that to effectively measure the performance of protocol data, the test equipment itself must be able to keep up with the transmission speeds of the routing hardware and the data line. In order to assess the behavior of the network for each of the connections, the test equipment must be able to perform a lookup operation to associate each packet with a particular connection. The test equipment must be able to perform this required connection lookup processing for each packet at any given transmission speed. Current performance testing systems have a limited capacity for performing this connection lookup and for processing protocol data when the network speed exceeds one Gigabit per second.
Thus, there is a need for improving the efficiency of connection lookup operations while placing one or more network devices under test.
An embodiment of the invention provides a mechanism for measuring the performance characteristics of data sent across any communication path configured to carry data between two or more computational devices (e.g., local area networks, wide area network, virtual private networks, wireless networks, or any other type of interconnect mechanism). In a test environment, processing speed is a critical part of producing test equipment that can process network protocol data in real-time. Embodiments of the invention provide network test equipment with a methodology for performing enough lookup processing operations to keep up with the real time frame rates of a gigabit Ethernet network.
This is accomplished in accordance with one embodiment of the invention by improving the performance of the connection lookup processor in test devices. The lookup processor initiates processing when it obtains connection data (e.g., TCP) from a request FIFO. Once the lookup processor receives an incoming datagram containing connection data (e.g., TCP or any other type of datagram to be evaluated), the processor determines a connection index that corresponds to the connection represented by the datagram. Each connection is uniquely identified by the source and destination information associated with the datagram. For instance, each incoming connection may be uniquely identified by examining the source address, destination address, source port, and destination port associated with the connection. Once the connection data is obtained, that data is utilized to perform a lookup operation. During the lookup operation a hashing operation is performed on the connection data and the connection data is associated with an index or hash vector used to find the table of state information for the connection. In accordance with one embodiment of the invention, the lookup operation is performed using an SDRAM memory configured as a chained hash table, using a polynomial hashing algorithm.
Because the lookup processing is performed in a performance measurement system, the hashing algorithm that is selected must be capable of performing enough lookup processing operations to keep up with the frame rates of a Gigabit per second or above Ethernet network. Therefore, the invention contemplates the use of a polynomial hashing algorithm that seeks to distribute the incoming keys as evenly as possible over the range of possible hash function values. The degree of the polynomial used by the hashing algorithm at step 302 is chosen in one embodiment of the invention to give the desired range of hash vectors. Thus, the depth of the linked lists associated with the chained hash table is minimized and the efficiency associated with lookup processing is increased. When the system embodying the invention is configured to handle at least 2 million connections, the chained hash table has an unallocated size capable of storing 2097152 Keys. A suitable hashing polynomial would be 19th degree; this produces 524288 distinct hash vectors.
When polynomial hashing is utilized the key to be hashed (e.g., a 96-bit key) is passed through a polynomial division operation. The remainder from the division operation becomes the value of the hash function utilized for the table lookup. The performance of the hashing algorithm is dependent upon the hashing polynomial that is selected. For instance some polynomials perform better than others. The degree of the polynomial that is selected depends upon how many bits are desired in the hash value itself. For a CRC polynomial of order N, the number of unique hash values possible is 2N. In one embodiment of the invention, the polynomial order is approximately ¼ the size of the number of lookups desired. For example, for 2 million connections the maximum size of the lookup table is 2,097,152 (221) therefore the polynomial that would maximize efficiency in one embodiment of the invention would be a polynomial of size 219. For a polynomial to be utilized in a hash function, the polynomial should be primitive. For degree 19, there are at least 11 primitive polynomials. In one embodiment of the invention polynomial 7 is viewed as the most effective polynomial. However, other polynomial hashing algorithms can be incorporated into embodiments of the invention and utilized during lookup processing.
A method and apparatus for testing protocol performance in a data communication network is described. In the following description numerous specific details are set forth in order to provide a more thorough understanding of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without these specific details. In other instances, well-known features have not been described in detail so as not to obscure the invention.
System Overview
An embodiment of the invention provides a mechanism for measuring and/or testing the performance characteristics of data sent across any communication path configured to carry data between two or more computational devices (e.g., local area networks, wide area network, virtual private networks, wireless networks, or any other type of interconnect mechanism). In a test environment, processing speed is a critical part of producing test equipment that can process network protocol data in real-time. Embodiments of the invention provide network test equipment with a methodology for performing enough lookup processing operations to keep up with the real time frame rates of a gigabit Ethernet network. However, the invention also has applicability in other network environments and is not limited solely to gigabit Ethernet networks.
In one embodiment the mechanism for measuring performance characteristics data is configured to test the performance of data sent using one or more standard protocols. For instance, the system may determine the performance of data associated with a protocol connection such as a TCP connection. TCP is utilized herein as an example of the type of data embodiments of the invention may operate on. However, the methodologies described herein are also applicable to other types of network communication protocols. The reader should also note that embodiments of the invention may be implemented in hardware and/or software form. For instance, the invention may be incorporated into a computer program product or be embedded into one or more portions of a hardware apparatus.
When protocol data is transmitted across a network, the protocol data is routed through one or more intermediate nodes. For example, data sent from one network to another may be transmitted through multiple routers, switches, hubs, and other sorts of network nodes or computational devices. Embodiments of the invention provide a mechanism for analyzing the performance of devices utilized to move protocol data through the network. For instance, referring now to
When network 102 is a high-speed network (e.g., 1 gigabit+Ethernet), protocol engine 101 (which may processes TCP and other types of data) in test device 100 can efficiently perform a large number (e.g., millions) of connection lookup operations. Thus, embodiments of the invention provide a mechanism for improving the efficiency of connection lookup operations while placing one or more network devices under test. For instance in an embodiment of the invention targeted to Gigabit+Ethernet, a lookup processor, configured in accordance with the invention and having access to SDRAM memory with 8 MDwords, can perform lookup processing of up to 2 Mconnections, at full line rate of 1.488 Mconnections per second. For example, when the minimum Ethernet frame has a size of 64 bytes, plus an 8-byte preamble (72 bytes total), the time required to transmit this frame at the link clock rate, plus the minimum inter-frame gap, typically determines the minimum interval between successive worst case frames. If, for example, the link transfers data across the link at a byte rate of 125 MHz, and has a minimum inter-frame gap of 96 nanoseconds. The time for transmitting is typically 72/(125×106)=576×10-9=576 nanoseconds. The minimum interval between worst case frames is then 576+96=672 nanoseconds. Thus, in a worst case scenario the lookup processor embodying the invention can perform a connection index lookup within 672 nanoseconds. The reader should note that the exact number of connections, the system may process, can increase or decrease depending upon the environmental characteristics in which the lookup processor is operating within. Thus, the invention may function quicker or slower than the example provided herein. The invention may be implemented in other types of networks that have other characteristics and therefore perform lookup processing operations at varying speeds.
Connection Lookup Processing
Upon generation of a hash vector, memory address generator 280 obtains a memory address for examination of stored keys associated with the hash vector within the lookup memory 286. If the content of the hash vector memory location is zero, then this hash vector has not previously been seen. In that case, the formatted hash key is written into a free stored key area within the memory, and the hash vector that contained zero is written with the address of that stored key area. If the content of the hash vector memory location is non-zero, then this hash vector has been previously seen, and the hash vector points to a linked list of stored keys associated with that hash vector. The lookup sequence and control logic 281 along with the hash key and stored key comparison 279 function to search the linked list for an entry whose stored key matches the incoming hash key. When processing is complete, the result (a value encoded from the memory address of the matching or newly added stored key) is passed to the results FIFO 282.
Source IP Address | 32 bits for IPv4 128 for IP6 | |
Source Port | 16 bits | |
Destination IP Address | 32 bits for IPv4 128 bits for IP6 | |
Destination Port | 16 bits | |
Data utilized for such purposes may vary in size depending upon the protocol that data conforms with and the system incorporating aspects of the invention is designed so that it may be adapted for use with future and past data communication protocols.
Once the connection data is obtained, that data is utilized to perform a lookup operation. During the lookup operation a hashing operation is performed on the connection data (e.g., at step 302) and the connection data is associated with an index or hash vector used to find the table (e.g., step 304) of state information for the connection.
Perform Polynomial Hashing
In accordance with one embodiment of the invention, the lookup operation is performed using an SDRAM memory configured as a chained hash table, using a polynomial hashing algorithm. The invention is not limited solely to polynomial hashing algorithms, however polynomial hashing is used in accordance with one embodiment of the invention as it provides a hardware-efficient and extensible means for generating a hash vector from an arbitrary input key. The invention also contemplates the use of other forms of memory in addition to SDRAM and is not limited to the use of such memory.
Once the connection data is obtained at step 300, that data (which comprises the connection's source address, destination address, a source port, and address port) is used as a hash key. This technique may be utilized to process varying types of protocol connection data. For instance, the size of the connection data varies depending upon whether the connection data conforms to the Internet Protocol Version 6 (IPV6) or Internet Protocol Version 4 (IPV4) standard. In the case of IPV4, the hash key comprises the source and destination IP addresses and ports. When the system is configured to process IPV6 data, the hash key is larger than it is with IPV4 data because the address data is 128 bits instead of 32. However, the reader should note that embodiments of the invention may operate on connection data of any size or type. Thus, changes in the bit size or protocol definition do not necessarily modify the mechanism for processing data described herein.
Table A shown below illustrates how the addresses and ports may be organized into a set of DWORDs to be used as a hash key. For example, a set of three 32-bit words is appropriate for IPv4. For IPv6, the hash key will be longer, because the addresses are longer. Note that terms "Near" and "Far" addresses may be utilized instead of source and destination address. This allows the same indexing to be used for the Transmitter logic as well as the Receive logic. However, the invention may also utilize source and destination addresses.
TABLE A | ||
Near IP Address | ||
Far IP Address | ||
Near Port # | Far Port # | |
The connection data which represents a hash key is then processed by an appropriate hashing algorithm and associated with a hash vector (e.g., at step 302). In one embodiment of the invention, the hash key is passed through a polynomial hashing operation where the quotient is initialized to all 1's. The output of this operation is referred to in accordance with one embodiment of the invention as a hash vector or index. Thus, an embodiment of the invention utilizes a hash function h(k) that takes a 96-bit key K (composed of 2 IP addresses & port information) and produces an N-bit hash value used to start a table search (e.g., at step 304).
Because the lookup processing is performed in a performance measurement system, the hashing algorithm that is selected must be capable of performing enough lookup processing operations to keep up with the frame rates of a Gigabit+Ethernet network. Therefore, the invention contemplates the use of a hashing algorithm that distributes all incoming keys as evenly as possible over the range of possible hash function values.
The performance of the hashing algorithm at step 302 is dependent upon the hashing polynomial that is selected. For instance some polynomials perform better than others. Embodiments of the invention utilize various polynomials and the invention is not limited to a particular polynomial hashing algorithm. The degree of the polynomial that is selected depends upon how many bits are desired in the hash value itself. For a CRC polynomial of order N, the number of unique hash values possible is 2N. In one embodiment of the invention, the polynomial order is approximately ¼ the size of the number of lookups desired (see e.g., step 400). For example, for 2 million connections the maximum size of the lookup table is 2,097,152 (221) therefore the polynomial that would maximize efficiency in one embodiment of the invention would be a polynomial of size 219. The reader should note that although one specific mechanism for selecting polynomials is described, that the invention contemplates the use of polynomials of varying order.
For a polynomial to be utilized in a hash function, the polynomial should be primitive. For degree 19, there are at least 11 primitive polynomials. The polynomials themselves are listed below in octal representation:
Polynomial 1 | 2000047 | |
Polynomial 2 | 2020471 | |
Polynomial 3 | 2013211 | |
Polynomial 4 | 2570103 | |
Polynomial 5 | 2561427 | |
Polynomial 6 | 2227023 | |
Polynomial 7 | 2001711 | |
Polynomial 8 | 2331067 | |
Polynomial 9 | 3146455 | |
Polynomial 10 | 3610353 | |
Polynomial 11 | 2766447 | |
In one embodiment of the invention polynomial 7 is viewed as the most effective polynomial. Thus, referring now to
When polynomial hashing is utilized the key to be hashed (e.g., a 96-bit key of connection data) is passed through a polynomial division operation (see e.g., steps 402 and 404). The remainder from the division operation becomes the value of the hash function utilized for the table lookup. Polynomial hashing is not typically used during lookup processing because it is a computationally intensive technique when implemented in software form. Thus, hardware implementations using a polynomial-hashing algorithm may be more efficient. Thus, one embodiment of the invention contemplates the use of a computational mechanism similar to a CRC polynomial (e.g., the standard FCS-16) implemented in hardware using pipeline architectures. In such an embodiment, the chosen hashing polynomial is substituted for the FCS16 polynomial. The pipeline architecture enables the hardware embodiment of the invention to efficiently perform lookup processing in spite of the delay imposed by the polynomial operation. The reader should note, however, that software implementations of the invention are also contemplated.
Initiate Search of Values in Hash Vector Table
Once the connection data is utilized as a hash key (e.g., step 402) and passed through the polynomial hashing operation (e.g., step 404), the system initiates a search of the hash vector table (see e.g., step 304). As is typically the case with hash lookup techniques, a process for dealing with collisions must be established.
A collision occurs when more than one key value produces the same value from the chosen hash function. If for instance, two different sets of connection data processed by the hashing algorithm produce the same hash vector (key value) then a collision is said to have occurred. Embodiments of the invention contemplate the use of multiple techniques for handling collisions. One such technique is referred to as open addressing using linear probing. When this technique is utilized, the systems embodying the invention are configured to evaluate the address indicated by the hash function value and test the constant in that location. If the location is empty, (e.g., the value of the hash vector table is zero, step 306) that location may be utilized for the key (e.g., step 310). If that location is not empty, successive locations are evaluated until an empty location is found (e.g., 308) or until a match occurs, in which case the lookup operation is complete. When an empty location is found the stored key is obtained from a free list and stored in the available location.
Another mechanism for handling collisions is referred to as open addressing using double hashing. In this instance, if the address indicated by the hashing function value is already in use, then a second hashing function is used to determine where to look next. A third process for handling collisions involves "chaining". In this method, the hash function points to a vector of pointers to a list of key having the same hash function value.
Hash Memory Allocation
The following section provides further explanation of the technique utilized in embodiments of the invention to enhance the connection lookup processing speed of a network performance measurement device. Referring back to
TABLE 0-1 | ||
Stored Key Format | ||
Near IP Address | ||
Far IP Address | ||
Near Port # | Far Point # | |
Next Key Index | ||
In one embodiment of the invention, memory 255 is SDRAM and has room for 2097152 stored keys. The memory size is thus
2097152*16=33554432 (32 Mbyte)
The first part of SDRAM memory is allocated to a hash pointer table (see e.g.,
Initially, the stored keys may be linked together into a list that may be referred to as the free list (e.g. 630). A pointer to the first element in the free list may be maintained in the FREE_LIST Register (e.g. 610). The FREE_LIST register may be initialized, in one embodiment of the invention, to 0×20000, pointing to the first stored key past the hash pointer table. The first stored key may therefore have its next key index set to 0×200001, etc. The final stored key in the table would have a next key index of zero.
Hash Memory Lookup
To look up a protocol connection (e.g., a TCP connection), connection data (e.g. 600) is collected from the data packets of a network connection. A connection key is generated (e.g. 610). The connection key is stored in the first element (e.g. 632 and 633) of the free list (e.g. 630). The connection key is passed through the polynomial hashing processor (e.g. 603) to generate a hash vector (to which it is also referred as hash key). The hash vector is used as a lookup key in the hash table (e.g. 650). The result of the lookup in the hash table is an offset into the hash memory that contains the value of a hash pointer.
A hash pointer value of zero (e.g., 652) means that the hash key is encountered for the first time. In this case, the lookup processor stores the new connection key by obtaining an unused stored key from the free list, copying the connection key contents into the stored key, and linking that stored key into the list associated with the hash key. A hash pointer containing a value different from zero means, that the hash key has been encountered at least once--a collision has occurred. The value of the hash key is a pointer to the top of a linked list of stored keys. The lookup processor traverses the linked list matching the value of the connection key with each of the stored keys. If one of the keys results in a match, the lookup is finished. If the linked list is completely traversed without a match, then a new stored key must be added to the linked list for this hash pointer by obtaining an unused stored key from the free list, copying the connection key contents into the stored key, and linking that stored key into the linked list that had been traversed with no match.
When a hash pointer value is zero (e.g., block 652), meaning that the hash vector has been encountered for the first time, the new key should be inserted to become to top of a linked list of stored keys. To insert a new stored key, the value in FREE_LIST register (e.g., 620) is written into the hash pointer (e.g. 652) making the first element of the free list become the top of the linked list of stored keys for the hash key. The content of the next index (e.g. 633) of the first stored key (pointing to the next free stored key e.g. 634) is copied into the FREE_LIST Register (e.g. 620) making the next stored key (e.g. 632) in the free list become the top of the free list. On the other hand, the next index of the first stored key of the linked list of the hash key is set to zero making it the last element of the linked list of stored keys for the hash key.
When a hash pointer contains a value different from zero (e.g., block 654), meaning that the hash key has been previously encountered, the hash pointer points to the top of a linked list containing stored keys. The linked list is traversed matching the connection key with each of the stored keys. If a match is found, the connection key lookup is finished. If no match if found, the new key is added to the linked list. Adding a key to the linked list is done (as previously described) by writing the address of the top element of the free list (new connection key) to the hash pointer making the new stored key the top of the linked list, or by writing the address of the top element of the free list into one of the element of the existing stored keys in the linked list. The next index pointers are also set appropriately to preserve data integrity.
In an embodiment of the invention, when a tracked networked connection is closed, the connection data is used to to compute the hash key (e.g. 603) and lookup the stored key. The hash memory storing the key is recovered by appending the memory to the free list and appropriately setting the next-index pointers in the stored key linked list where the stored key corresponding to the closed connection used to belong.
Patent | Priority | Assignee | Title |
10015143, | Jun 05 2014 | F5 Networks, Inc | Methods for securing one or more license entitlement grants and devices thereof |
10015286, | Jun 23 2010 | F5 Networks, Inc. | System and method for proxying HTTP single sign on across network domains |
10097616, | Apr 27 2012 | F5 Networks, Inc. | Methods for optimizing service of content requests and devices thereof |
10122630, | Aug 15 2014 | F5 Networks, Inc | Methods for network traffic presteering and devices thereof |
10135831, | Jan 28 2011 | F5 Networks, Inc. | System and method for combining an access control system with a traffic management system |
10157280, | Sep 23 2009 | F5 Networks, Inc | System and method for identifying security breach attempts of a website |
10182013, | Dec 01 2014 | F5 Networks, Inc | Methods for managing progressive image delivery and devices thereof |
10187317, | Nov 15 2013 | F5 Networks, Inc | Methods for traffic rate control and devices thereof |
10230566, | Feb 17 2012 | F5 Networks, Inc | Methods for dynamically constructing a service principal name and devices thereof |
10375155, | Feb 19 2013 | F5 Networks, Inc. | System and method for achieving hardware acceleration for asymmetric flow connections |
10404698, | Jan 15 2016 | F5 Networks, Inc. | Methods for adaptive organization of web application access points in webtops and devices thereof |
10505792, | Nov 02 2016 | F5 Networks, Inc | Methods for facilitating network traffic analytics and devices thereof |
10505818, | May 05 2015 | F5 Networks, Inc | Methods for analyzing and load balancing based on server health and devices thereof |
10721269, | Nov 06 2009 | F5 Networks, Inc. | Methods and system for returning requests with javascript for clients before passing a request to a server |
10791088, | Jun 17 2016 | F5 Networks, Inc | Methods for disaggregating subscribers via DHCP address translation and devices thereof |
10791119, | Mar 14 2017 | F5 Networks, Inc.; F5 Networks, Inc | Methods for temporal password injection and devices thereof |
10797888, | Jan 20 2016 | F5 Networks, Inc | Methods for secured SCEP enrollment for client devices and devices thereof |
10812266, | Mar 17 2017 | F5 Networks, Inc | Methods for managing security tokens based on security violations and devices thereof |
10834065, | Mar 31 2015 | F5 Networks, Inc | Methods for SSL protected NTLM re-authentication and devices thereof |
10931662, | Apr 10 2017 | F5 Networks, Inc. | Methods for ephemeral authentication screening and devices thereof |
10972453, | May 03 2017 | F5 Networks, Inc. | Methods for token refreshment based on single sign-on (SSO) for federated identity environments and devices thereof |
11044200, | Jul 06 2018 | F5 Networks, Inc | Methods for service stitching using a packet header and devices thereof |
11063758, | Nov 01 2016 | F5 Networks, Inc. | Methods for facilitating cipher selection and devices thereof |
11070451, | Dec 11 2017 | Spirent Communications, Inc | Method and system for inducing pseudo HTTPS communications between one or more emulated servers and emulated clients to test a device therebetween |
11108815, | Nov 06 2009 | F5 Networks, Inc. | Methods and system for returning requests with javascript for clients before passing a request to a server |
11122042, | May 12 2017 | F5 Networks, Inc | Methods for dynamically managing user access control and devices thereof |
11122083, | Sep 08 2017 | F5 Networks, Inc; F5 Networks, Inc. | Methods for managing network connections based on DNS data and network policies and devices thereof |
11178150, | Jan 20 2016 | F5 Networks, Inc | Methods for enforcing access control list based on managed application and devices thereof |
11182399, | Sep 04 2018 | SPIRENT COMMUNICATIONS, INC. | Effective correlation of multiple time-series result sets |
11343237, | May 12 2017 | F5 Networks, Inc | Methods for managing a federated identity environment using security and access control data and devices thereof |
11350254, | May 05 2015 | F5 Networks, Inc | Methods for enforcing compliance policies and devices thereof |
11374973, | Dec 20 2018 | Spirent Communications, Inc | Streamlining cryptographic processes in a test environment |
11496438, | Feb 07 2017 | F5, Inc. | Methods for improved network security using asymmetric traffic delivery and devices thereof |
11658995, | Mar 20 2018 | F5 Networks, Inc | Methods for dynamically mitigating network attacks and devices thereof |
11757946, | Dec 22 2015 | F5 Networks, Inc | Methods for analyzing network traffic and enforcing network policies and devices thereof |
11824740, | Dec 11 2017 | SPIRENT COMMUNICATIONS, INC. | Method and system for inducing secure communications between one or more emulated servers and emulated clients to test a device therebetween |
11838851, | Jul 15 2014 | F5 Networks, Inc | Methods for managing L7 traffic classification and devices thereof |
11868360, | Sep 04 2018 | SPIRENT COMMUNICATIONS, INC. | Effective correlation of multiple time-series result sets |
11895138, | Feb 02 2015 | F5 Networks, Inc | Methods for improving web scanner accuracy and devices thereof |
7443857, | Jul 09 2003 | Cisco Technology Inc. | Connection routing based on link utilization |
7490162, | May 15 2002 | F5 Networks, Inc.; F5 Networks, Inc | Method and system for forwarding messages received at a traffic manager |
7539176, | Apr 02 2004 | Cisco Technology Inc. | System and method for providing link, node and PG policy based routing in PNNI based ATM networks |
7774484, | Dec 19 2002 | F5 Networks, Inc. | Method and system for managing network traffic |
7826381, | May 30 2008 | Spirent Communications, Inc | Method and device test data streams bound to emulated devices |
7957365, | Jul 09 2003 | Cisco Technology, Inc. | Connection routing based on link utilization |
7958387, | May 30 2008 | Spirent Communications, Inc | Realtime test result promulgation from network component test device |
7979712, | Jul 01 2002 | International Business Machines Corporation | Network system, server and information terminal for list matching |
8117456, | Jul 01 2002 | International Business Machines Corporation | Network system, server and information terminal for list matching |
8150957, | Dec 19 2002 | F5 Networks, Inc. | Method and system for managing network traffic |
8176164, | Dec 19 2002 | F5 Networks, Inc. | Method and system for managing network traffic |
8264972, | May 30 2008 | Spirent Communications, Inc | Method and apparatus for emulating network devices |
8418233, | Jul 29 2005 | F5 Networks, Inc.; F5 Networks, Inc | Rule based extensible authentication |
8463909, | Sep 15 2010 | F5 Networks, Inc | Systems and methods for managing server resources |
8533308, | Aug 12 2005 | F5 Networks, Inc.; F5 Networks, Inc | Network traffic management through protocol-configurable transaction processing |
8539062, | Dec 19 2002 | F5 Networks, Inc. | Method and system for managing network traffic |
8559313, | Feb 01 2006 | F5 Networks, Inc. | Selectively enabling packet concatenation based on a transaction boundary |
8565088, | Feb 01 2006 | F5 Networks, Inc. | Selectively enabling packet concatenation based on a transaction boundary |
8566444, | Oct 30 2008 | F5 Networks, Inc.; F5 Networks, Inc | Methods and system for simultaneous multiple rules checking |
8576829, | Aug 08 2006 | Aeroscout, Ltd. | Multi-channel TDOA system |
8611222, | Feb 01 2006 | F5 Networks, Inc. | Selectively enabling packet concatenation based on a transaction boundary |
8627467, | Jan 14 2011 | F5 Networks, Inc.; F5 Networks, Inc | System and method for selectively storing web objects in a cache memory based on policy decisions |
8630174, | Sep 14 2010 | F5 Networks, Inc | System and method for post shaping TCP packetization |
8645556, | May 15 2002 | F5 Networks, Inc. | Method and system for reducing memory used for idle connections |
8675655, | Oct 08 2001 | WSOU Investments, LLC | Method for distributing load over multiple shared resources in a communication network and network applying such a method |
8676955, | Dec 19 2002 | F5 Networks, Inc. | Method and system for managing network traffic |
8804504, | Sep 16 2010 | F5 Networks, Inc. | System and method for reducing CPU load in processing PPP packets on a SSL-VPN tunneling device |
8806053, | Apr 29 2008 | F5 Networks, Inc. | Methods and systems for optimizing network traffic using preemptive acknowledgment signals |
8868961, | Nov 06 2009 | F5 Networks, Inc. | Methods for acquiring hyper transport timing and devices thereof |
8874783, | May 15 2002 | F5 Networks, Inc. | Method and system for forwarding messages received at a traffic manager |
8886981, | Sep 15 2010 | F5 Networks, Inc.; F5 Networks, Inc | Systems and methods for idle driven scheduling |
8908545, | Jul 08 2010 | F5 Networks, Inc. | System and method for handling TCP performance in network access with driver initiated application tunnel |
8959571, | Oct 29 2010 | F5 Networks, Inc.; F5 Networks, Inc | Automated policy builder |
9077554, | Mar 21 2000 | F5 Networks, Inc. | Simplified method for processing multiple connections from the same client |
9083760, | Aug 09 2010 | F5 Networks, Inc | Dynamic cloning and reservation of detached idle connections |
9106606, | Feb 05 2007 | F5 Networks, Inc | Method, intermediate device and computer program code for maintaining persistency |
9130846, | Aug 27 2008 | F5 Networks, Inc.; F5 Networks, Inc | Exposed control components for customizable load balancing and persistence |
9141625, | Jun 22 2010 | F5 Networks, Inc | Methods for preserving flow state during virtual machine migration and devices thereof |
9172753, | Feb 20 2012 | F5 Networks, Inc | Methods for optimizing HTTP header based authentication and devices thereof |
9210177, | Jul 29 2005 | F5 Networks, Inc. | Rule based extensible authentication |
9225479, | Aug 12 2005 | F5 Networks, Inc. | Protocol-configurable transaction processing |
9231879, | Feb 20 2012 | F5 Networks, Inc. | Methods for policy-based network traffic queue management and devices thereof |
9246819, | Jun 20 2011 | F5 Networks, Inc.; F5 Networks, Inc | System and method for performing message-based load balancing |
9270766, | Dec 30 2011 | F5 Networks, Inc | Methods for identifying network traffic characteristics to correlate and manage one or more subsequent flows and devices thereof |
9292397, | May 14 2012 | NETLOAD, INC | Light-weight method and apparatus for testing network devices and infrastructure |
9313047, | Nov 06 2009 | F5 Networks, Inc. | Handling high throughput and low latency network data packets in a traffic management device |
9554276, | Oct 29 2010 | F5 Networks, Inc | System and method for on the fly protocol conversion in obtaining policy enforcement information |
9614772, | Oct 20 2003 | F5 Networks, Inc. | System and method for directing network traffic in tunneling applications |
9647954, | Mar 21 2000 | F5 Networks, Inc | Method and system for optimizing a network by independently scaling control segments and data flow |
9832069, | May 30 2008 | F5 Networks, Inc. | Persistence based on server response in an IP multimedia subsystem (IMS) |
9967331, | Feb 05 2007 | F5 Networks, Inc. | Method, intermediate device and computer program code for maintaining persistency |
9985976, | Dec 30 2011 | F5 Networks, Inc. | Methods for identifying network traffic characteristics to correlate and manage one or more subsequent flows and devices thereof |
RE47019, | Jul 14 2010 | F5 Networks, Inc. | Methods for DNSSEC proxying and deployment amelioration and systems thereof |
Patent | Priority | Assignee | Title |
4588985, | Dec 30 1983 | International Business Machines Corporation | Polynomial hashing |
4853928, | Aug 28 1987 | Agilent Technologies Inc | Automatic test generator for logic devices |
5838919, | Sep 10 1996 | IXIA | Methods, systems and computer program products for endpoint pair based communications network performance testing |
5881237, | Sep 10 1996 | IXIA | Methods, systems and computer program products for test scenario based communications network performance testing |
5937165, | Sep 10 1996 | IXIA | Systems, methods and computer program products for applications traffic based communications network performance testing |
6034958, | Jul 11 1997 | Telefonaktiebolaget LM Ericsson | VP/VC lookup function |
6061725, | Sep 10 1996 | IXIA | Endpoint node systems computer program products for application traffic based communications network performance testing |
6397359, | Jan 19 1999 | JPMORGAN CHASE BANK, N A , AS SUCCESSOR AGENT | Methods, systems and computer program products for scheduled network performance testing |
6408335, | Sep 10 1996 | IXIA | Methods, systems and computer program products for endpoint pair based communications network performance testing |
6457142, | Oct 29 1999 | WSOU Investments, LLC | Method and apparatus for target application program supervision |
20010034839, | |||
20020062223, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Aug 28 2001 | HATLEY, TOM | Spirent Communications | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 012720 | /0309 | |
Aug 30 2001 | Spirent Communications | (assignment on the face of the patent) | / |
Date | Maintenance Fee Events |
Jun 07 2007 | REM: Maintenance Fee Reminder Mailed. |
Nov 21 2007 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Nov 21 2007 | M1554: Surcharge for Late Payment, Large Entity. |
May 25 2011 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
May 25 2015 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
Date | Maintenance Schedule |
Nov 25 2006 | 4 years fee payment window open |
May 25 2007 | 6 months grace period start (w surcharge) |
Nov 25 2007 | patent expiry (for year 4) |
Nov 25 2009 | 2 years to revive unintentionally abandoned end. (for year 4) |
Nov 25 2010 | 8 years fee payment window open |
May 25 2011 | 6 months grace period start (w surcharge) |
Nov 25 2011 | patent expiry (for year 8) |
Nov 25 2013 | 2 years to revive unintentionally abandoned end. (for year 8) |
Nov 25 2014 | 12 years fee payment window open |
May 25 2015 | 6 months grace period start (w surcharge) |
Nov 25 2015 | patent expiry (for year 12) |
Nov 25 2017 | 2 years to revive unintentionally abandoned end. (for year 12) |